Petty Criminals Have Use Of Sophisticated Hacking Tools

Uploaded on 2018-03-26 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Sophisticated hacking tools and techniques like watering-hole attacks, once used only by nation states or proxies, now increasingly used by criminal hackers, fueling concerns that state-sponsored hackers may have gone rogue.

An eye-opening report from researchers at CyberInt has revealed how existing hacker groups, who were never found to be associated with or sponsored by governments, have started using sophisticated hacking tools and techniques that were once used only by nation states.

The report talks about the possibility of government-backed-hackers going rogue and commercialising their tools and exploits. Considering how powerful and advanced these hacking tools and techniques are, it would be naive for one to believe that it has been developed by hackers who have traditionally used crude malware or employed "smash and grab" techniques aimed at producing quick results.

For example, "watering hole attacks" that were previously carried out by nations like China and Russia are now being launched by various hacker groups. 

These attacks involve hackers infiltrating IT systems of targeted organisations or exploiting weaknesses in the defences of third parties such as the target organisation's suppliers, sub-contractors, partners, and clients. 

At the same time, hacker groups have also been found utilising Saturn ransomware, a highly sophisticated software that can be distributed via phishing email or other malicious campaigns and used to encrypt files stored in victims' systems. According to CyberInt, Saturn as a Ransomware-as-a-Service (RaaS) affiliate programmes are available on the Dark Web for free.

“These new types of attacks, which started to appear in the latter half of 2017, can be particularly dangerous for corporates as this new breed of OCGs are in it for the long game and will sit within a compromised IT system, carrying out repeated fraud, siphoning off cash and carrying out cyber-espionage,” says Jason Hill, lead research analyst at cyber-security firm CyberInt. 

Bill Evans, senior director at security firm One Identity, told SC Magazine UK that even though one can't say with absolute certainty, "it's not difficult to imagine a situation where capabilities once reserved for the sophisticated few are now generally available to the “cyber masses” as this is nature of cyber-warfare and why it is different than traditional warfare.
He added that it is not particularly easy for a cyber-gang to replicate sophisticated hacking tools and techniques, but it is easier for such gangs to copy software or to hire them to carry out their own malicious campaigns.

Giovanni Vigna, CTO and co-founder of Lastline, said: “While it is true that criminal groups have obtained access to increasingly advanced hacking techniques and, in addition, they have been used more sophistication in their attacks, nation-state-sponsored hackers are deemed to have access to caches of 0-days (undisclosed vulnerabilities) and other unique tools and techniques".

As far as defending against enhanced capabilities of hacker groups is concerned, CyberInt says that "companies in all sectors now need to strengthen their cyber-defences in ways previously only thought necessary for organisations such as government contractors. 

"This means extending their security perimeters to encompass areas such as social networking and third-parties such as suppliers and clients, who may be largely unaware of the growing sophistication of the OCGs."

The firm adds that senior executives and key staff members need to be trained to protect themselves from hackers who might use their personal details to launch an orchestrated attack on an enterprise.

Enterprises should also liaison with third-parties such as suppliers and sub-contractors to ensure that basic cyber-security protocols such as using encrypted email are followed.

“There is no prescription or silver bullet for “being secure.”  In fact, if a security expert believes he or she can make his or her organisation secure, they are fooling themselves.  The best a security pro can aim for is to be more secure tomorrow than he / she is today," Evans added.

According to Evans, essential steps to improve an organisation's cyber-security must include controlling, securing and managing privileged accounts, deploying multi-factor authentication, educating employees about phishing attacks, and ensuring that right people have the right access to the right things at the right time.  

"Perfect protection is impossible to achieve, but adopting and combining best-of-breed technologies to cover (sometimes with redundancy) the various aspects of security increases the ability to protect. Using one vendor or one solution to cover all facets of the security problem usually results in an increase in risk," said Vigna.

SC Magazine

You Might Also Read: 

British IT Bosses Fear Sophisticated Cyber Threats:

Mercenary Hackers Funded By Nation-States:
 

 

« UK Police Helping Business Fight Cyber Attacks
Equifax: Insider Trading Charges »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ThaiCERT

ThaiCERT

ThaiCERT is the national Computer Security Incident Response Team (CSIRT) for Thailand.

CyberPilot

CyberPilot

CyberPilot ApS is a Danish cybersecurity company. We work with all types of companies and organisations, both large and small, who want to achieve effective cybersecurity.

SafeBreach

SafeBreach

SafeBreach's platform simulates hacker breach methods across the entire kill chain to identify breach scenarios in your environment before an attacker does.

Travelers

Travelers

Travelers is a leading writer of US commercial property casualty insurance and one of the world’s largest global insurers for cyber insurance.

CyberForum

CyberForum

CyberForum supports businesses from the IT and high-tech industry in all stages of their development: from startup consulting to professional staffing and even location marketing campaigns.

iHLS Startups Accelerator

iHLS Startups Accelerator

iHLS Accelerator is the first startup accelerator in the world in the security and homeland security field.

CYBER.ORG

CYBER.ORG

CYBER.ORG's goal is to empower educators as they prepare the next generation to succeed in the cyber workforce of tomorrow.

Data Privacy Office (DPO)

Data Privacy Office (DPO)

Data Privacy Office is a company that specializes in privacy and personal data protection, following the highest standards in its sector.

Hunton Andrews Kurth

Hunton Andrews Kurth

Hunton Andrews Kurth LLP serves clients across a broad range of complex transactional, litigation and regulatory matters. Practice areas include Privacy and Cybersecurity.

Beyond Encryption

Beyond Encryption

Mailock by Beyond Encryption is a secure email solution that allows businesses to exchange email securely, safe in the knowledge that their email can only be read by their intended recipient.

Cognyte

Cognyte

Cognyte are a market leader in security analytics software that empowers governments and enterprises with Actionable Intelligence for a safer world.

Xperience

Xperience

Xperience solves our clients’ toughest challenges by delivering business efficiency through digital transformation solutions across cloud, managed IT, CRM and ERP.

Searchlight Cyber

Searchlight Cyber

Searchlight Cyber is a leading darknet intelligence company. Working with law enforcement, industry, and end users to help protect society against the threats of the darknet.

Digistor

Digistor

Digistor is a leading manufacturer of industrial-grade flash storage products, secure storage products, and Removable Secure Data Storage.

Involta

Involta

Involta orchestrates IT transformation journeys using well-defined and rigorous processes to deliver hybrid cloud solutions, consulting and data center services tailored to our clients’ needs.

SphereX Technologies

SphereX Technologies

SphereX is the first on-chain security solution for Web3 applications.